Incident Response Plan
-
What to do in case our servers/databases are hacked?
- We are implementing our previously determined incident response plan. Our plan consists of 6 steps. Preparation, Identification, Containment, Investigation,Eradication and Recovery. Our incident response plan is reviewed and verified the plan every six (6) months and after any major infrastructure or system change.
-
What to do in case an unauthorized access to customer data is detected?
- The primary focus of our team is to limit damage and prevent further escalation or breaches. The team disconnects system from the network and allow it to continue stand-alone operations.They also reset passwords for users with accounts that were breached, or block accounts of insiders that may have caused the incident. Additionally, they back up all affected systems to preserve their current state for later forensics.
-
Who to contact in case of an incident and what steps to follow?
- Incident response team. Our incident response team consists of two people (one of them is system/security expert and other one is development expert). We update the teams every 2 months. Our system and security team are responsible to monitor security events in our environment using firewalls, intrusion prevention systems, and data loss prevention. When they detect potential security incidents, they report immediately incident response team.
-
What to do in case our servers leaked Amazon Information?
- We have two types of containment: long and short. Short-term containment is an immediate response, stopping the threat from spreading and doing further damage. Back-up on all affected systems to save their current states for later forensics. Long-term containment includes returning all systems to production to allow for standard business operation, but without the accounts and backdoors that allowed for the intrusion.
-
How to reach out to Amazon to inform them of the incident?
- We will inform Amazon (via email to security@amazon.com) within 24 hours of detecting any Security Incidents. We maintain the chain of custody for all evidences or records collected, and such documentation is made available to Amazon on request.
